Handling, use and sharing of exception reporting data

Exception reporting data must be treated as confidential to the individual doctor, and cannot be accessed, shared or requested to be shared without the doctor’s explicit consent, outside the specific pathways listed in the 2016 TCS and in national jointly produced guidance (Annex D paragraph 27). Employers should ensure that access to identifiable data from exception reports is restricted to those individuals who have a legitimate role within the contractual pathways defined in the 2016 TCS or in national jointly agreed guidance, in order to avoid an information breach fine (as per 2016 TCS Annex D paragraph 33-36). 

Where the contract specifies that only certain individuals may view identifiable data, employers will ensure that these restrictions are enforced consistently. 

A list of individuals with direct access to a doctor’s exception reporting data must be shared with the doctor at onboarding and when new individuals are granted access (Annex D, paragraph 29). This can be shared via email or through the relevant exception reporting software for that doctor.

Identifiable exception reporting data may only be shared with individuals outside the permitted contractual pathways where the doctor has provided explicit consent, unless there is a legal requirement or an overriding public interest to do so. (Annex D, paragraph 26–28). Where consent is required, it should be informed, written and recorded appropriately.

Where there are genuine concerns about the health, safety and welfare of a doctor and/or others, there is a legal duty on employers to ensure, as far as is reasonably practicable, the wellbeing of its employees at work. This is commonly known as an employer’s ‘duty of care’. 

Exception reporting data may be used either in an identifiable or non-identifiable form depending on the purpose. Identifiable information includes the doctor’s name, their contact details, and any content that clearly links the exception report to the doctor. Non-identifiable data includes aggregated data, statistical information, and any content that has been anonymised to remove identifying features.

The distinction between identifiable and non-identifiable data is essential, as the TCS sets out specific circumstances where non-identifiable information may be used, and where identifiable information can be used.

Employers will retain all exception reporting data, including withdrawn reports, for GoSWH oversight, auditing, financial purposes, and quarterly and annual reporting. This requirement ensures transparency and allows for monitoring of safe working hours.

Proven improper access, mishandling or unauthorised sharing of identifiable exception reporting data constitutes an information breach. The 2016 TCS describes the financial penalties in Annex D, paragraphs 33-36 to be applied. The GoSWH quarterly report will record penalties as a result of information breaches.

HR teams may access identifiable exception reporting data when they are required to validate and process payments or TOIL. They may contact the doctor directly when additional clarification or evidence is needed. HR staff must not access or share identifiable information for any purpose outside the defined contractual processes (Annex D, paragraphs 3-15 & 26). 

The GoSWH has unrestricted access to all exception reporting data. This access is required to allow the GoSWH to identify patterns, assess safety concerns, and ensure that exception reporting processes are being followed appropriately, including influencing change.

Payroll teams may access only the information required to process payments arising from exception reports. They may see information which identifies that a doctor requires payment as a result of an exception report, but they will not view the content of the report itself. Employers will ensure that systems and processes reinforce this distinction in order to avoid a risk of information breach fines.

The DME may access identifiable information within educational exception reports only. Where a DME seeks to share educational exception reporting data, to enable the remediation of an unfulfilled training opportunity, the doctor must give explicit consent before this information is shared (Annex D, paragraphs 16–18).

If consent is not obtained despite reasonable attempts, it may not be possible to reinstate the activity. In which case, the DME can take no action, and the report will be noted for information and reporting purposes only.  

If there are repeated instances of this occurring, the DME may wish to escalate concerns to the GoSWH to investigate further. The reporting doctor should be notified when this is the case.

Senior managers or members of the board of directors may only access personally identifiable exception reporting data when there is a legal obligation or when presented with an overriding public interest justification. In these cases, the GoSWH will be notified of the action taken by the employer. The affected doctor(s) should be notified of this action as soon as practically possible, and the number of such disclosures must be recorded in the GoSWH’s quarterly report in anonymised form (Annex D, paragraph 28). 

Non-identifiable data derived from exception reports may be shared for audit and financial purposes to appropriate recipients. Financial data that could identify a doctor as having exception reported may be used for normal financial management and audit purposes but cannot include the exception report number or content. There are no restrictions on access to exception reporting data for those whose job roles are related to professional auditing.